Digital identity — a statement from the DTA
18 October 2018
The opinion piece written by Fergus Hanson and published by the Australian Strategic Policy Institute misrepresents Australia’s digital identity program.
The report was inaccurate and contained many factual errors. It was not an informed or objective appraisal of the program.
The Digital Transformation Agency (DTA) generously engaged with the author multiple times, providing feedback on factual errors which were not addressed in the final report. This is disappointing given the profile of the Australian Strategic Policy Institute.
The association of China’s social credit system and the Australia Card with Australia’s new digital identity program has no basis. Nor do claims that private sector companies will be able to harvest user data. These demonstrate a clear misunderstanding of how the digital identity system is intended to work.
The digital identity program will not issue identifiers or cards. It will use a ‘double blind’ architecture where the identity exchange sits between the digital service and the identity provider. This protects a person’s identity by making sure that no identity provider can see the services being accessed, and services cannot see the personal information from the identity provider.
The opinion piece also describes the myGov website as a credential. This is not correct. myGov is the government’s online portal, used by over 11 million Australians to access up to 11 government services, such as MyTax, Medicare and Centrelink.
This again demonstrates a lack of understanding about the systems currently in place, in addition to emerging ones.
Another key assertion is that two digital identity systems are being built, which will compete against each other. This is incorrect. The digital identity federated model allows for multiple identity providers but only one system. This means people using the system will be able to choose to set up their digital identity with their provider of choice.
The system is also opt-in, so people will have a choice whether or not to use it.
The DTA takes its obligation to protect the privacy of Australian citizens very seriously. We have consulted with thousands of people in developing the system, including privacy advocates and community groups. The DTA will be releasing the outcomes of a privacy assessment on our website soon.
The digital identity program is aligned with the Australian Privacy Principles and the Privacy Code, the Information Security Registered Assessors Program, and the Australian Government Protective Security Policy Framework and Information Security Manual. It requires participants to undertake independent security testing and assessments.
Delivering a safe and secure system that will operate with integrity and make the lives of users simpler and easier has been at the heart of the design of the system from the very beginning.
Our objective is to build a digital identity program that will support Australia’s future economic and social prosperity.